William Genovese

William Genovese is a former greyhat hacker turned security professional, who goes by the alias illwill.

History

In the early 2000s, Genovese was a figure in a loose-knit group of computer hackers who called themselves illmob. illmob.org was a security community website run by Genovese which, at the time, had many high-profile incidents related to it. Genovese now works as a private security consultant in the computer security industry, doing penetration testing, phishing, OSINT threat intelligence, and mitigation. He is also a contributor to the Metasploit project.

Website controversy

In 2003, Genovese's website was the first to release 0day code that exploited the MS03-026 Windows RPC vulnerability, which was later used by unknown hackers to create variants of the W32/Blaster worm. [1] In response, Genovese released a tool he coded to remove the worm from infected Windows PCs. [2]

In 2004, [3] federal authorities charged Genovese with Theft of a Trade Secret (US Code Title 18, section 1832) for selling the incomplete Windows NT/2000 Microsoft source code to Microsoft investigators and federal agents, even though the code sold was already widely distributed on the Internet prior to his sale. [4] Authorities used an obscure law enacted under the Economic Espionage Act of 1996, which had been traditionally adjudicated through private civil litigation.

In 2005, the illmob.org site posted leaked images and the phone book from Paris Hilton's [5] T-Mobile Sidekick phone, which were obtained from a fellow hacker. [6] [7] Reportedly, the data was obtained by social engineering and by exploiting a vulnerability in a BEA WebLogic Server database function that allowed an attacker to remotely read or replace any file on a system by feeding it a specially crafted web request. BEA produced a patch for the bug in March 2003, which T-Mobile failed to apply. The website was also mentioned in news articles in connection with the leak of Fred Durst's [8] sex tape, which was stolen from his personal email account.

Hackerspace

From 2010 until his resignation in 2016, Genovese was a co-founder and board member of NESIT, a 501(c)(3) non-profit hackerspace in Connecticut, through which he helped the local community by offering free classes on various network security topics, personal internet safety, reverse engineering, embedded electronic projects, 3-D printing, and design. He helped build a virtualized pen-testing lab with a large server farm donation from a pharmaceutical company, where users can simulate attacking and penetrating machines in a safe lab environment.

Consulting

Since 2008, Genovese has reinvented himself as a security consultant, public speaker, and teacher. He does security consulting and performs penetration testing services for companies worldwide. He was also a co-founder and speaker at the security conferences eXcon and BSides Connecticut (BSidesCT) in 2011, 2014, 2016, 2017, and 2018. In 2015 he was a panelist at DEF CON 23 in Las Vegas for a charity fundraiser to help a fellow hacker who was stricken with terminal cancer.

Related Research Articles

Klez is a computer worm that propagates via e-mail. It first appeared in October 2001. A number of variants of the worm exist.

SQL Slammer is a 2003 computer worm that caused a denial of service on some Internet hosts and dramatically slowed general Internet traffic. It also crashed routers around the world, causing even more slowdowns. It spread rapidly, infecting most of its 75,000 victims within 10 minutes.

Timeline of computer viruses and worms: Computer malware timeline

This timeline of computer viruses and worms presents a chronological timeline of noteworthy computer viruses, computer worms, Trojan horses, similar malware, related research and events.

Blaster (computer worm): 2003 Windows computer worm

Blaster was a computer worm that spread on computers running operating systems Windows XP and Windows 2000 during August 2003.

Mydoom, also known as my.doom, W32.MyDoom@mm, Novarg, Mimail.R, Shimgapi, W32/Mydoom@MM, WORM_MYDOOM, and Win32.Mydoom, is a computer worm affecting Microsoft Windows. It was first sighted on January 26, 2004. It became the fastest-spreading e-mail worm ever, exceeding previous records set by the Sobig worm and ILOVEYOU, a record which as of 2023 has yet to be surpassed.

In computing, Download.ject is a malware program for Microsoft Windows servers. When installed on an insecure website running on Microsoft Internet Information Services (IIS), it appends malicious JavaScript to all pages served by the site.

Agobot, also frequently known as Gaobot, is a family of computer worms. Axel "Ago" Gembe, a German programmer also known for leaking Half-Life 2 a year before release, was responsible for writing the first version. The Agobot source code describes it as "a modular IRC bot for Win32 / Linux". Agobot was released under version 2 of the GNU General Public License. Agobot is a multi-threaded and mostly object-oriented program written in C++ as well as a small amount of assembly. Agobot is an example of a botnet that requires little or no programming knowledge to use.

Bolgimo is a Win32 computer worm, a self-replicating computer program similar to a computer virus, which propagates by attempting to exploit unpatched Windows computers vulnerable to the DCOM RPC Interface Buffer Overrun Vulnerability using TCP port 445 on a network. The worm was discovered on November 10, 2003, and targets the Windows NT, 2000 and XP operating systems.

Zotob is a computer worm which exploits security vulnerabilities in Microsoft operating systems like Windows 2000, including the MS05-039 plug-and-play vulnerability. This worm has been known to spread on Microsoft-ds or TCP port 445.

A security hacker is someone who explores methods for breaching defenses and exploiting weaknesses in a computer system or network. Hackers may be motivated by a multitude of reasons, such as profit, protest, information gathering, challenge, recreation, or evaluation of a system's weaknesses to assist in formulating defenses against potential hackers.

A zero-day is a vulnerability or security hole in a computer system unknown to its owners, developers or anyone capable of mitigating it. Until the vulnerability is remedied, threat actors can exploit it in a zero-day exploit, or zero-day attack.

Koobface is a network worm that attacks Microsoft Windows, Mac OS X, and Linux platforms. This worm originally targeted users of networking websites like Facebook, Skype, Yahoo Messenger, and email websites such as GMail, Yahoo Mail, and AOL Mail. It also targets other networking websites, such as MySpace, Twitter, and it can infect other devices on the same local network. Technical support scammers also fraudulently claim to their intended victims that they have a Koobface infection on their computer by using fake popups and using built-in Windows programs.

Conficker: Computer worm

Conficker, also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft Windows operating system that was first detected in November 2008. It uses flaws in Windows OS software and dictionary attacks on administrator passwords to propagate while forming a botnet, and has been unusually difficult to counter because of its combined use of many advanced malware techniques. The Conficker worm infected millions of computers including government, business and home computers in over 190 countries, making it the largest known computer worm infection since the 2003 SQL Slammer worm.

Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Although neither country has openly admitted responsibility, multiple independent news organizations recognize Stuxnet to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as Operation Olympic Games. The program, started during the Bush administration, was rapidly expanded within the first months of Barack Obama's presidency.

Duqu is a collection of computer malware discovered on 1 September 2011, thought by Kaspersky Labs to be related to the Stuxnet worm and to have been created by Unit 8200. Duqu has exploited a zero-day vulnerability in Microsoft Windows. The Laboratory of Cryptography and System Security of the Budapest University of Technology and Economics in Hungary discovered the threat, analysed the malware, and wrote a 60-page report naming the threat Duqu. Duqu got its name from the prefix "~DQ" it gives to the names of files it creates.

Cyberweapons are commonly defined as malware agents employed for military, paramilitary, or intelligence objectives as part of a cyberattack. This includes computer viruses, trojans, spyware, and worms that can introduce malicious code into existing software, causing a computer to perform actions or processes unintended by its operator.

Iftach Ian Amit: Israeli hacker

Iftach Ian Amit is an Israeli hacker, computer security researcher and practitioner. He is one of the co-founders of the Tel Aviv DEF CON Group DC9723 and the Penetration Testing Execution Standard, and has presented at hacker conventions such as DEF CON, Black Hat, BlueHat, and RSA Conference. He has been named one of SC Magazine's top experts, was featured in Narratively's cover piece on Attack of the Superhackers, and is frequently quoted and interviewed

EternalBlue is a computer exploit developed by the U.S. National Security Agency (NSA). It was leaked by the Shadow Brokers hacker group on April 14, 2017, one month after Microsoft released patches for the vulnerability.

BlueKeep: Windows security hole

BlueKeep is a security vulnerability that was discovered in Microsoft's Remote Desktop Protocol (RDP) implementation, which allows for the possibility of remote code execution.

References

  1. Malware FAQ: What is W32/Blaster worm? | SANS
  2. Windows Dcom Worm Killer | Full-Disclosure Mail List
  3. Defendant: Microsoft source code sale was a setup | The Register
  4. Statement from Microsoft Regarding Illegal Posting of Windows2000 Source Code
  5. Paris Hilton's Sidekick hacked | The Register
  6. They'll Always Have Paris | Washington Post
  7. Hacker penetrates T-Mobile systems
  8. Who Does Fred Durst Think He Is? | Blender (www.blender.com; archived from the original on 30 March 2010; retrieved 12 January 2022)